[squid-users] RE: Squid + ldap +ssl Secure authentication

From: Vootla, Bhagwan <Bhagwan.Vootla@dont-contact.us>
Date: Tue, 19 Jun 2007 17:15:59 -0400

Thanks Henrik.

I want to share some information here which would help someone.

This is the exact command which did the trick for me.

auth_param basic program /usr/lib/squid/squid_ldap_auth -b
"ou=yyy,dc=xxx,dc=com" -H ldaps://ldapserver.domain.com:636 -v 3 -f
"uid=%s"

By running 'openssl s_client -connect ldap:636' I got to see the exact
Common Name (CN) and had to specify it in the command like above.

I got to see successful ldaps connections on my ldap server. Hopefully
-Z is no more needed for me. Please correct me if I am wrong.

To avoid sending plain text from browser to Squid proxy, I created an ssh
tunnel using my PuTTY (from localhost port 8080 to proxy:8080), and I
specified localhost in the browser. This seems to be working fine,
except that I need to keep the PuTTY session open always.

Obviously none of the users want to open a session on their desktop
browser while browsing. Now I am exploring a way to create this ssh
tunnel using some script which should not need any action from the end
user. I would appreciate it if someone has some information to share.

Thanks,

Best Regards,
Bhagwan

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Friday, June 15, 2007 3:36 PM
To: Vootla, Bhagwan
Cc: squid-users@squid-cache.org; squid-dev@squid-cache.org
Subject: RE: Squid + ldap +ssl Secure authentication

fre 2007-06-15 klockan 12:42 -0400 skrev Vootla, Bhagwan:

> Using -Z option still returns me "Could not Activate TLS connection"
> I also tried with -p 636, which does not return me anything. Somehow I
> need to implement this to meet the deadline (tomorrow).

-Z is LDAPv3 STARTTLS on the normal LDAP port.

To use the older LDAPv2 over SSL you need to use -H ldaps://servername/

Regards
Henrik
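An added example, not from this thread or from the Squid project, that scripts the manual check Bhagwan describes above: it takes the host out of the -H ldaps:// URL, reads the CN the LDAP server presents (the same 'openssl s_client' step), and refuses the URL when the two differ, so a typo in squid.conf is caught before the helper is deployed. Host names are the ones quoted in the thread; the script name is hypothetical and openssl is assumed to be installed.

```shell
#!/bin/sh
# check_ldaps_cn.sh (hypothetical name): confirm that the host in the
# squid_ldap_auth -H ldaps:// URL matches the CN of the server certificate.

# Host part of an ldaps URL: ldaps://ldapserver.domain.com:636 -> ldapserver.domain.com
ldaps_host() {
    printf '%s\n' "$1" | sed -e 's#^ldaps://##' -e 's#[:/].*$##'
}

# Port part of an ldaps URL, defaulting to 636 when none is given.
ldaps_port() {
    p=$(printf '%s\n' "$1" | sed -n 's#^ldaps://[^:/]*:\([0-9]*\).*#\1#p')
    printf '%s\n' "${p:-636}"
}

# CN out of an "openssl x509 -noout -subject" line; handles both the
# "subject=CN = host, OU = yyy" and the older "subject= /OU=yyy/CN=host" layout.
subject_cn() {
    printf '%s\n' "$1" | sed -n 's#.*CN *= *\([^,/]*\).*#\1#p' | sed 's/ *$//'
}

# Fetch the subject line from a live server (needs network access).
fetch_subject() {
    printf '' | openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null \
        | openssl x509 -noout -subject
}

# Exit status 0 when the URL host equals the certificate CN, 1 otherwise.
cn_matches_url() {
    host=$(ldaps_host "$1")
    cn=$(subject_cn "$2")
    [ -n "$cn" ] && [ "$host" = "$cn" ]
}

# Usage: ./check_ldaps_cn.sh ldaps://ldapserver.domain.com:636
if [ -n "${1:-}" ]; then
    host=$(ldaps_host "$1")
    subj=$(fetch_subject "$host" "$(ldaps_port "$1")")
    if cn_matches_url "$1" "$subj"; then
        echo "OK: certificate CN matches $host; -H $1 is consistent"
    else
        echo "MISMATCH: server presented '$subj' but -H names $host" >&2
        exit 1
    fi
fi
```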
Received on Tue Jun 19 2007 - 15:16:07 MDT
